Anonymous
2026-07-16 16:05:39
(3 hours ago)
Blocked by FortiWeb WAF ML threat detection. ML probability: 99%, Country: GB, Attack patterns: Word ...
show more
Blocked by FortiWeb WAF ML threat detection. ML probability: 99%, Country: GB, Attack patterns: WordPress scanning, Backup file probing, Cloud secrets probing
show less
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-16 10:45:07
(9 hours ago)
(mod_security) mod_security (id:210492) triggered by 18.130.248.70 (ec2-18-130-248-70.eu-west-2.comp ...
show more
(mod_security) mod_security (id:210492) triggered by 18.130.248.70 (ec2-18-130-248-70.eu-west-2.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 06:44:58.987976 2026] [security2:error] [pid 2809:tid 2809] [client 18.130.248.70:51734] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "closedfortheseason.com"] [uri "/.git/config"] [unique_id "ali2KvzjJOd0Rlf8SkVTlAAAAAk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-16 10:25:39
(9 hours ago)
(mod_security) mod_security (id:210492) triggered by 18.130.248.70 (ec2-18-130-248-70.eu-west-2.comp ...
show more
(mod_security) mod_security (id:210492) triggered by 18.130.248.70 (ec2-18-130-248-70.eu-west-2.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 06:25:35.073657 2026] [security2:error] [pid 8447:tid 8447] [client 18.130.248.70:55716] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "clonomatic.com"] [uri "/.git/config"] [unique_id "alixn829To1Rad7wyLcW-AAAAA4"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-16 09:36:54
(10 hours ago)
18.130.248.70 - - [16/Jul/2026:04:36:52 -0500] "GET /.env HTTP/1.1" 403 199 "-" "Mozilla/5.0 (Macint ...
show more
18.130.248.70 - - [16/Jul/2026:04:36:52 -0500] "GET /.env HTTP/1.1" 403 199 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36" 141.101.98.49
18.130.248.70 - - [16/Jul/2026:04:36:52 -0500] "GET /.env.local HTTP/1.1" 403 199 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36" 141.101.98.49
18.130.248.70 - - [16/Jul/2026:04:36:52 -0500] "GET /.env.production HTTP/1.1" 403 199 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36" 141.101.98.49
18.130.248.70 - - [16/Jul/2026:04:36:53 -0500] "GET /.env.staging HTTP/1.1" 403 199 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36" 141.101.98.49
18.130.248.70 - - [16/Jul/2026:04:36:53 -0500] "GET /.env.development HTTP/1.1" 403 199 "-" "Mozilla/5.0 (Macintosh; In
...
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-16 07:52:54
(11 hours ago)
(mod_security) mod_security (id:210492) triggered by 18.130.248.70 (ec2-18-130-248-70.eu-west-2.comp ...
show more
(mod_security) mod_security (id:210492) triggered by 18.130.248.70 (ec2-18-130-248-70.eu-west-2.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 03:52:46.848233 2026] [security2:error] [pid 1072:tid 1072] [client 18.130.248.70:42348] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "clisanchezenterprises.com"] [uri "/.git/config"] [unique_id "aliNzrYEnekx4g_Gwx7tDQAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-16 06:17:53
(13 hours ago)
(mod_security) mod_security (id:949110) triggered by 18.130.248.70 (ec2-18-130-248-70.eu-west-2.comp ...
show more
(mod_security) mod_security (id:949110) triggered by 18.130.248.70 (ec2-18-130-248-70.eu-west-2.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 02:17:48.742874 2026] [security2:error] [pid 27432:tid 27432] [client 18.130.248.70:60074] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "clintess.biz"] [uri "/.git/config"] [unique_id "alh3jFBhi6rJsc-AdIzJWwAAABM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-16 03:10:08
(16 hours ago)
(mod_security) mod_security (id:210492) triggered by 18.130.248.70 (ec2-18-130-248-70.eu-west-2.comp ...
show more
(mod_security) mod_security (id:210492) triggered by 18.130.248.70 (ec2-18-130-248-70.eu-west-2.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 15 23:10:02.234212 2026] [security2:error] [pid 4815:tid 4815] [client 18.130.248.70:40334] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "clinicacero.com"] [uri "/.git/config"] [unique_id "alhLikof4M0QlpNkSoej7QAAABE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-16 02:45:41
(17 hours ago)
(mod_security) mod_security (id:210492) triggered by 18.130.248.70 (ec2-18-130-248-70.eu-west-2.comp ...
show more
(mod_security) mod_security (id:210492) triggered by 18.130.248.70 (ec2-18-130-248-70.eu-west-2.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 15 22:45:34.408548 2026] [security2:error] [pid 23304:tid 23304] [client 18.130.248.70:49482] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "clinchspurs.com"] [uri "/.git/config"] [unique_id "alhFztrlyKJXCbkfCjpozwAAAAc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ง๐ช
cmbplf
2026-07-15 21:50:07
(21 hours ago)
2.190 requests with url.path *.env
Brute-Force
Bad Web Bot
Anonymous
2026-07-15 18:26:38
(1 day ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
๐ณ๐ฟ
Antinson
2026-07-15 15:50:16
(1 day ago)
Scraping with a high error ratio and request rate
Bad Web Bot
Anonymous
2026-07-15 15:05:07
(1 day ago)
Blocked by FortiWeb WAF ML threat detection. ML probability: 99%, Country: GB, Attack patterns: Word ...
show more
Blocked by FortiWeb WAF ML threat detection. ML probability: 99%, Country: GB, Attack patterns: WordPress scanning, Backup file probing, Cloud secrets probing
show less
Bad Web Bot
Web App Attack
๐ธ๐ช
vaia.cloud
2026-07-14 15:50:01
(2 days ago)
trying wp-login.php/xmlrpc.php 213 times in 1 minutes
Brute-Force
Web App Attack
๐บ๐ธ
snappic
2025-12-01 01:51:12
(7 months ago)
Scraping user agent [GET /api/v1/config] [python-httpx/0.28.1]
Bad Web Bot
Web App Attack